OS commanding

OS commanding is a method of attacking a Web server by remotely gaining access to the operating system (OS) and then executing system commands through a browser. Once access has been gained in this way, a hacker can upload programs to the compromised server and run them. OS commanding is similar to command injection, a scheme in which an attacker alters dynamically generated content on a Web page by entering HTML code into an input mechanism, such as a form field that lacks effective validation constraints.

The vulnerability of a server or other network-connected computer to OS commanding attacks can be minimized by:

Blacklisting of forbidden character sequences.

Whitelisting of allowed character sequences.

Restricting permissions on OS commands.

Filtering out command directory names.

According to security experts, the main reason that OS commanding and similar exploits are on the rise is that security is not sufficiently emphasized in the development of operating systems and applications. To protect the integrity of network servers, experts recommend the implementation of simple precautions during development, such as controlling the types and numbers of characters that are accepted by servers from users.

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.